[rabbitmq-discuss] ssl ciphers with federation

Karras, Thomas KarrasT at Pragmatics.com
Fri Dec 20 20:12:16 GMT 2013



I'm having some issues using federation with SSL. We are using a FIPS
openSSL client and the default SSL cipher seems to use md5 which is not
allowed. This causes the following error when trying to start up
rabbitMQ without setting a specific cipher.


md5_dgst.c(78): OpenSSL internal error, assertion failed: Digest MD5
forbidden in FIPS mode!


This error goes away and RabbitMQ starts up fine when a cipher is set in
the rabbitmq.config file. The problem comes up again when we set up
federation over SSL. In the latest version of RabbitMQ(3.2.2) there does
not seem to be a place to set up ssl_options for the federation
configuration, so once we setup a new upstream with SSL the server
crashes with the same MD5 forbidden error. Is there a way to default
erlang or maybe another parameter in the federation plugin where I can
set the SSL cipher for the federation client?




Thomas Karras

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20131220/fd094482/attachment.html>

More information about the rabbitmq-discuss mailing list